EUVD-2026-28455
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
CVE-2026-33573 OpenClaw < 2026.3.11 - Workspace Boundary Bypass via Agent RPC Parameters
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability in the gateway agent RPC that allows authenticated operators with operator.write permission to override workspace boundaries by supplying attacker-controlled spawnedBy and workspaceDir values. Remote operators can escape the...
EUVD-2022-2433
Malicious code in bioql PyPI...
CVE-2006-5143
CVE-2006-5143 affects Computer Associates BrightStor ARCserve Backup and related Protection Suite products. The vulnerabilities are buffer overflows in multiple components: the Backup Agent RPC Server (DBASVR.exe) via RPC opcodes 0x01/0x02/0x18 on TCP 6071; the Message Engine RPC Server (msgeng.e...